bc5dde
#
bc5dde
# Red Hat BIND package .spec file
bc5dde
#
bc5dde
bc5dde
#%%global PATCHVER P2
bc5dde
#%%global PREVER rc2
bc5dde
#%%global VERSION %{version}%{PREVER}
bc5dde
%global VERSION %{version}
bc5dde
#%%global VERSION %{version}-%{PATCHVER}
bc5dde
bc5dde
%{?!SDB:       %global SDB       1}
bc5dde
%{?!test:      %global test      0}
bc5dde
%{?!bind_uid:  %global bind_uid  25}
bc5dde
%{?!bind_gid:  %global bind_gid  25}
bc5dde
%{?!GSSTSIG:   %global GSSTSIG   1}
bc5dde
%{?!PKCS11:    %global PKCS11    1}
bc5dde
%{?!DEVEL:     %global DEVEL     1}
bc5dde
%global        bind_dir          /var/named
bc5dde
%global        chroot_prefix     %{bind_dir}/chroot
24159a
%global        selinuxbooleans   named_write_master_zones=1
fd4b48
%if %{SDB}
fd4b48
%global        chroot_sdb_prefix %{bind_dir}/chroot_sdb
fd4b48
%endif
bc5dde
#
bc5dde
Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
bc5dde
Name:     bind
bc5dde
License:  ISC
bc5dde
Version:  9.9.4
a38b63
Release:  73%{?PATCHVER}%{?PREVER}%{?dist}
bc5dde
Epoch:    32
bc5dde
Url:      http://www.isc.org/products/BIND/
bc5dde
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
bc5dde
Group:    System Environment/Daemons
bc5dde
#
310562
Source:   https://ftp.isc.org/isc/bind9/%{VERSION}/bind-%{VERSION}.tar.gz
bc5dde
Source1:  named.sysconfig
bc5dde
Source3:  named.logrotate
bc5dde
Source7:  bind-9.3.1rc1-sdb_tools-Makefile.in
bc5dde
Source8:  dnszone.schema
bc5dde
Source12: README.sdb_pgsql
bc5dde
Source25: named.conf.sample
24159a
Source26: named.conf
24159a
Source28: config-16.tar.bz2
c2d1e6
# Up-to-date bind.keys from upstream
c2d1e6
# Fetch a new one from page https://www.isc.org/bind-keys
c2d1e6
Source29: bind.keys
bc5dde
Source30: ldap2zone.c
bc5dde
Source31: ldap2zone.1
bc5dde
Source32: named-sdb.8
bc5dde
Source33: zonetodb.1
bc5dde
Source34: zone2sqlite.1
bc5dde
Source35: bind.tmpfiles.d
bc5dde
Source36: trusted-key.key
bc5dde
Source37: named.service
bc5dde
Source38: named-chroot.service
bc5dde
Source39: named-sdb.service
bc5dde
Source40: named-sdb-chroot.service
bc5dde
Source41: setup-named-chroot.sh
bc5dde
Source42: generate-rndc-key.sh
fd4b48
Source43: named.rwtab
fd4b48
Source44: named-chroot-setup.service
fd4b48
Source45: named-sdb-chroot-setup.service
fd4b48
Source46: named-setup-rndc.service
d56ed2
Source47: named-pkcs11.service
310562
# added due to GeoIP functionality tests
310562
# patch tool does not support binary patches
310562
Source48: geoip-testing-data.tar.xz
bc5dde
bc5dde
# Common patches
bc5dde
Patch5:  bind-nonexec.patch
bc5dde
Patch10: bind-9.5-PIE.patch
bc5dde
Patch16: bind-9.3.2-redhat_doc.patch
bc5dde
Patch72: bind-9.5-dlz-64bit.patch
bc5dde
Patch87: bind-9.5-parallel-build.patch
bc5dde
Patch101:bind-96-old-api.patch
bc5dde
Patch102:bind-95-rh452060.patch
bc5dde
Patch106:bind93-rh490837.patch
bc5dde
Patch109:bind97-rh478718.patch
bc5dde
Patch110:bind97-rh570851.patch
bc5dde
Patch111:bind97-exportlib.patch
bc5dde
Patch112:bind97-rh645544.patch
bc5dde
Patch119:bind97-rh693982.patch
bc5dde
Patch123:bind98-rh735103.patch
964723
Patch124:bind93-rh726120.patch
c8cd03
# FIXME: This disables dlzexternal, which I will enable later again
c8cd03
# Make tests on all architectures and disable it
bc5dde
Patch127:bind99-forward.patch
fd4b48
Patch130:bind-9.9.1-P2-dlz-libdb.patch
bc5dde
Patch131:bind-9.9.1-P2-multlib-conflict.patch
bc5dde
Patch133:bind99-rh640538.patch
bc5dde
Patch134:bind97-rh669163.patch
bc5dde
Patch137:bind99-rrl.patch
bc5dde
# Install dns/update.h header for bind-dyndb-ldap plugin
bc5dde
Patch138:bind-9.9.3-include-update-h.patch
bc5dde
Patch139:bind99-ISC-Bugs-34738.patch
bc5dde
Patch140:bind99-ISC-Bugs-34870-v3.patch
fd4b48
Patch141:bind99-ISC-Bugs-35073.patch
fd4b48
Patch142:bind99-ISC-Bugs-35080.patch
fd4b48
Patch143:bind99-CVE-2014-0591.patch
d4e835
Patch144:bind99-rh1067424.patch
d4e835
Patch145:bind99-rh1072379.patch
d4e835
Patch146:bind99-rh1098959.patch
d4e835
Patch147:bind99-CVE-2014-8500.patch
c25660
Patch148:bind99-CVE-2015-1349.patch
d56ed2
Patch149:bind99-rh1215687-limits.patch
d56ed2
Patch154:bind99-rh1215164.patch
d56ed2
Patch155:bind99-rh1214827.patch
d56ed2
Patch156:bind99-CVE-2015-4620.patch
d56ed2
Patch157:bind99-CVE-2015-5477.patch
d56ed2
Patch158:bind-99-socket-maxevents.patch
d56ed2
Patch159:bind99-CVE-2015-5722.patch
918839
Patch160:bind99-CVE-2015-8000.patch
e50659
Patch161:bind99-CVE-2015-8704.patch
b2eaff
Patch162:bind99-CVE-2016-1285-CVE-2016-1286.patch
310562
Patch163:bind99-rh1291185.patch
310562
Patch164:bind99-rh1259514.patch
310562
Patch165:bind99-rh1306610.patch
310562
Patch166:bind99-rh1220594-geoip.patch
310562
Patch167:bind99-automatic-interface-scanning-rh1294506.patch
c8cd03
# commit 51bcc28543ce205f7af238ef2f3889ef020a0961 ISC 4467
310562
patch168:bind99-CVE-2016-2776.patch
c8cd03
# commit bbb7c613b3e41495db627909660334695b48e60b ISC 4489
312153
patch169:bind99-CVE-2016-8864.patch
c8cd03
# commit d372472f604d45f85b3bbae5d6f523fb561a8823 ISC 4508
578297
patch170:bind99-CVE-2016-9131.patch
c8cd03
# commit a14b7f0187315767a1fa855f116fe937a7b402e3 ISC 4510
578297
patch171:bind99-CVE-2016-9147.patch
c8cd03
# commit 69cb8ebf157183d9c36a9813f945348dd81b521f ISC 4517
578297
Patch172:bind99-CVE-2016-9444.patch
c8cd03
# commit 2c74ad28efe5710ad04562c6f9902bc48d3be0ed ISC 4530
578297
Patch173:bind99-rt43779.patch
c8cd03
# commit 062b04898be720ed0855efc192847fcbc667b3e1 ISC 4406
c8cd03
Patch174:bind99-CVE-2016-2775.patch
7e32a4
# ISC 4557
c8cd03
Patch175:bind99-CVE-2017-3135.patch
7e32a4
# ISC 4558
c8cd03
Patch176:bind99-rt44318.patch
c8cd03
# commit c550e75ade4ceb4ece96f660292799519a5c3183 ISC 4567
c8cd03
Patch177:bind99-rh1392362.patch
c8cd03
# commit 1f3ac11cb4ecfab52f517ebf78493b0f05318be2
c8cd03
Patch178:bind99-coverity-fixes2.patch
a3e803
# ISC 4575
c8cd03
Patch179:bind99-CVE-2017-3136.patch
a3e803
# ISC 4578
c8cd03
Patch180:bind99-CVE-2017-3137.patch
c8cd03
# commit 5e746ab61ed8158f784b86111fef95581a08b7dd ISC 3905
c8cd03
Patch181:bind99-rh1416304.patch
d10948
# ISC 4643
964723
Patch182: bind99-CVE-2017-3142+3143.patch
964723
# commit e3894cd3a92be79a64072835008ec589b17c601a
964723
Patch183: bind99-rh1472862.patch
964723
# commit 2fc1b8102d4bf02162012c27ab95e98a7438bd8f ISC 4647
964723
Patch184: bind99-rh1476013.patch
964723
# commit 51aed1827453f40ee56b165d45c5d58d96838d94
964723
Patch185: bind99-rh1470637-tests.patch
964723
# commit 51b00c6c783ccf5dca86119ff8f4f8b994298ca4 ISC 4712
964723
Patch186: bind99-rh1470637.patch
964723
# commit 6a3fa181d1253db5191139e20231512eebaddeeb ISC 3745
964723
Patch187: bind99-rh1464850.patch
964723
# commit 871f3c8beeb2134b17414ec167b90a57adb8e122 ISC 3980
964723
Patch188: bind99-rh1464850-2.patch
964723
# commit 4eb998928b9aef0ceda42d7529980d658138698a ISC 3525
964723
Patch189: bind99-rh1501531.patch
497f76
# ISC 4858
964723
Patch190: bind99-CVE-2017-3145.patch
24159a
Patch191: bind99-rh1510008.patch
24159a
Patch192: bind99-nta.patch
24159a
Patch193: bind99-rh1510008-2.patch
24159a
Patch194: bind99-fips.patch
24159a
Patch195: bind99-fips-tests.patch
24159a
# commit c3fbf330bc014f0470371e8da590d14a1d62977e ISC 4377
24159a
Patch196: bind99-rh1549130.patch
24159a
# commit cb735b3f902d4bb5f6e30328d5828d38efa63573
24159a
Patch197: bind99-rh1549130-2.patch
24159a
Patch198: bind99-CVE-2018-5740.patch
a38b63
Patch199: bind99-rh1647539.patch
d56ed2
d56ed2
# Native PKCS#11 functionality from 9.10
d56ed2
Patch150:bind-9.9-allow_external_dnskey.patch
d56ed2
Patch151:bind-9.9-native-pkcs11.patch
d56ed2
Patch152:bind-9.9-dist-native-pkcs11.patch
d56ed2
Patch153:bind99-coverity-fixes.patch
bc5dde
bc5dde
# SDB patches
bc5dde
Patch11: bind-9.3.2b2-sdbsrc.patch
bc5dde
Patch12: bind-9.5-sdb.patch
bc5dde
Patch62: bind-9.5-sdb-sqlite-bld.patch
bc5dde
bc5dde
# needs inpection
bc5dde
Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
c8cd03
Patch104: bind99-dyndb.patch
bc5dde
bc5dde
# IDN paches
bc5dde
Patch73: bind-9.5-libidn.patch
bc5dde
Patch83: bind-9.5-libidn2.patch
bc5dde
Patch85: bind-9.5-libidn3.patch
bc5dde
Patch94: bind95-rh461409.patch
bc5dde
Patch135:bind99-libidn4.patch
bc5dde
bc5dde
#
bc5dde
Requires(preun):  systemd
bc5dde
Requires(postun): systemd
bc5dde
Requires:       coreutils
bc5dde
Requires:       systemd-units
bc5dde
Requires(post): grep, systemd
24159a
Requires(post): shadow-utils
24159a
Requires(post): glibc-common
bc5dde
Requires(pre):  shadow-utils
bc5dde
Requires:       bind-libs = %{epoch}:%{version}-%{release}
bc5dde
Obsoletes:      bind-config < 30:9.3.2-34.fc6
bc5dde
Provides:       bind-config = 30:9.3.2-34.fc6
bc5dde
Obsoletes:      caching-nameserver < 31:9.4.1-7.fc8
bc5dde
Provides:       caching-nameserver = 31:9.4.1-7.fc8
bc5dde
Obsoletes:      dnssec-conf < 1.27-2
bc5dde
Provides:       dnssec-conf = 1.27-1
24159a
Requires:       python-ply
24159a
Provides:       python-isc = %{epoch}:%{version}-%{release}
24159a
Provides:       python-bind = %{epoch}:%{version}-%{release}
24159a
# selinux_set_booleans requires
24159a
Requires(post):      policycoreutils-python, libselinux-utils, selinux-policy
24159a
Requires(postun):    policycoreutils-python, libselinux-utils, selinux-policy
24159a
Requires(posttrans): policycoreutils-python, libselinux-utils, selinux-policy
bc5dde
BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
310562
BuildRequires:  libidn-devel, libxml2-devel, GeoIP-devel
bc5dde
BuildRequires:  systemd-units
24159a
BuildRequires:  python-ply
24159a
BuildRequires:  selinux-policy
bc5dde
%if %{SDB}
bc5dde
BuildRequires:  openldap-devel, postgresql-devel, sqlite-devel, mysql-devel
fd4b48
BuildRequires:  libdb-devel
bc5dde
%endif
bc5dde
%if %{test}
bc5dde
BuildRequires:  net-tools
bc5dde
%endif
bc5dde
%if %{GSSTSIG}
bc5dde
BuildRequires:  krb5-devel
bc5dde
%endif
bc5dde
# Needed to regenerate dig.1 manpage
bc5dde
BuildRequires: docbook-style-xsl, libxslt
bc5dde
bc5dde
%description
bc5dde
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
bc5dde
(Domain Name System) protocols. BIND includes a DNS server (named),
bc5dde
which resolves host names to IP addresses; a resolver library
bc5dde
(routines for applications to use when interfacing with DNS); and
bc5dde
tools for verifying that the DNS server is operating properly.
bc5dde
bc5dde
%if %{PKCS11}
bc5dde
%package pkcs11
d56ed2
Summary: Bind with native PKCS#11 functionality for crypto
bc5dde
Group:   System Environment/Daemons
d56ed2
Requires: bind = %{epoch}:%{version}-%{release}
c8cd03
Requires: bind-libs = %{epoch}:%{version}-%{release}
d56ed2
Requires: bind-pkcs11-libs = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description pkcs11
d56ed2
This is a version of BIND server built with native PKCS#11 functionality.
d56ed2
It is important to have SoftHSM v2+ installed and some token initialized.
d56ed2
For other supported HSM modules please check the BIND documentation.
d56ed2
This version of BIND binary is supported only in setup with the IPA server.
d56ed2
d56ed2
%package pkcs11-utils
d56ed2
Summary: Bind tools with native PKCS#11 for using DNSSEC
d56ed2
Group:   System Environment/Daemons
d56ed2
Requires: bind-pkcs11-libs = %{epoch}:%{version}-%{release}
d56ed2
d56ed2
%description pkcs11-utils
bc5dde
This is a set of PKCS#11 utilities that when used together create rsa
d56ed2
keys in a PKCS11 keystore. Also utilities for working with DNSSEC
d56ed2
compiled with native PKCS#11 functionality are included.
d56ed2
d56ed2
%package pkcs11-libs
d56ed2
Summary: Bind libraries compiled with native PKCS#11
d56ed2
Group:   System Environment/Daemons
d56ed2
Requires: bind-license = %{epoch}:%{version}-%{release}
d56ed2
Requires: bind-libs = %{epoch}:%{version}-%{release}
d56ed2
d56ed2
%description pkcs11-libs
d56ed2
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
d56ed2
functionality.
d56ed2
d56ed2
%package pkcs11-devel
d56ed2
Summary: Development files for Bind libraries compiled with native PKCS#11
d56ed2
Group:   System Environment/Daemons
d56ed2
Requires: bind-pkcs11-libs = %{epoch}:%{version}-%{release}
d56ed2
d56ed2
%description pkcs11-devel
d56ed2
This a set of development files for BIND libraries (dns, isc) compiled
d56ed2
with native PKCS#11 functionality.
bc5dde
%endif
bc5dde
bc5dde
%if %{SDB}
bc5dde
%package sdb
bc5dde
Summary: BIND server with database backends and DLZ support
bc5dde
Group:   System Environment/Daemons
bc5dde
Requires: bind
d4e835
Requires: bind-libs = %{epoch}:%{version}-%{release}
bc5dde
Requires: systemd-units
bc5dde
bc5dde
%description sdb
bc5dde
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
bc5dde
(Domain Name System) protocols. BIND includes a DNS server (named-sdb)
bc5dde
which has compiled-in SDB (Simplified Database Backend) which includes
bc5dde
support for using alternative Zone Databases stored in an LDAP server
bc5dde
(ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb),
bc5dde
or in the filesystem (dirdb), in addition to the standard in-memory RBT
bc5dde
(Red Black Tree) zone database. It also includes support for DLZ
bc5dde
(Dynamic Loadable Zones)
bc5dde
%endif
bc5dde
bc5dde
%package libs-lite
bc5dde
Summary:  Libraries for working with the DNS protocol
bc5dde
Group:    Applications/System
bc5dde
Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7
bc5dde
Provides: bind-libbind-devel = 31:9.3.3-4.fc7
bc5dde
Requires: bind-license = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description libs-lite
bc5dde
Contains lite version of BIND suite libraries which are used by various
bc5dde
programs to work with DNS protocol.
bc5dde
bc5dde
%package libs
bc5dde
Summary: Libraries used by the BIND DNS packages
bc5dde
Group:    Applications/System
bc5dde
Requires: bind-license = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description libs
bc5dde
Contains heavyweight version of BIND suite libraries used by both named DNS
bc5dde
server and utilities in bind-utils package.
bc5dde
bc5dde
%package license
bc5dde
Summary:  License of the BIND DNS suite
bc5dde
Group:    Applications/System
bc5dde
BuildArch:noarch
bc5dde
bc5dde
%description license
bc5dde
Contains license of the BIND DNS suite.
bc5dde
bc5dde
%package utils
bc5dde
Summary: Utilities for querying DNS name servers
bc5dde
Group:   Applications/System
d4e835
Requires: bind-libs = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description utils
bc5dde
Bind-utils contains a collection of utilities for querying DNS (Domain
bc5dde
Name System) name servers to find out information about Internet
bc5dde
hosts. These tools will provide you with the IP addresses for given
bc5dde
host names, as well as other information about registered domains and
bc5dde
network addresses.
bc5dde
bc5dde
You should install bind-utils if you need to get information from DNS name
bc5dde
servers.
bc5dde
bc5dde
%if %{DEVEL}
bc5dde
%package devel
bc5dde
Summary:  Header files and libraries needed for BIND DNS development
bc5dde
Group:    Development/Libraries
bc5dde
Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7
bc5dde
Provides: bind-libbind-devel = 31:9.3.3-4.fc7
bc5dde
Requires: bind-libs = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description devel
bc5dde
The bind-devel package contains full version of the header files and libraries
bc5dde
required for development with ISC BIND 9
bc5dde
%endif
bc5dde
bc5dde
%package lite-devel
bc5dde
Summary:  Lite version of header files and libraries needed for BIND DNS development
bc5dde
Group:    Development/Libraries
bc5dde
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
bc5dde
bc5dde
%description lite-devel
bc5dde
The bind-lite-devel package contains lite version of the header
bc5dde
files and libraries required for development with ISC BIND 9
bc5dde
bc5dde
%package chroot
bc5dde
Summary:        A chroot runtime environment for the ISC BIND DNS server, named(8)
bc5dde
Group:          System Environment/Daemons
bc5dde
Prefix:         %{chroot_prefix}
bc5dde
Requires(post): grep
bc5dde
Requires(preun):grep
bc5dde
Requires:       bind = %{epoch}:%{version}-%{release}
bc5dde
Requires:       systemd-units
bc5dde
bc5dde
%description chroot
bc5dde
This package contains a tree of files which can be used as a
bc5dde
chroot(2) jail for the named(8) program from the BIND package.
bc5dde
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
bc5dde
fd4b48
%if %{SDB}
fd4b48
%package sdb-chroot
fd4b48
Summary:        A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
fd4b48
Group:          System Environment/Daemons
fd4b48
Prefix:         %{chroot_prefix}
fd4b48
Requires:       bind-sdb
fd4b48
Requires:       systemd-units
fd4b48
fd4b48
%description sdb-chroot
fd4b48
This package contains a tree of files which can be used as a
fd4b48
chroot(2) jail for the named-sdb(8) program from the BIND package.
fd4b48
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
fd4b48
%endif
fd4b48
fd4b48
bc5dde
%prep
bc5dde
%setup -q -n %{name}-%{VERSION}
bc5dde
bc5dde
# Common patches
bc5dde
%patch5 -p1 -b .nonexec
bc5dde
%patch10 -p1 -b .PIE
bc5dde
%patch16 -p1 -b .redhat_doc
bc5dde
%ifnarch alpha ia64
bc5dde
%patch72 -p1 -b .64bit
bc5dde
%endif
bc5dde
%patch73 -p1 -b .libidn
bc5dde
%patch83 -p1 -b .libidn2
bc5dde
%patch85 -p1 -b .libidn3
bc5dde
%patch87 -p1 -b .parallel
bc5dde
%patch94 -p1 -b .rh461409
bc5dde
bc5dde
%patch102 -p1 -b .rh452060
bc5dde
%patch106 -p0 -b .rh490837
bc5dde
%patch109 -p1 -b .rh478718
bc5dde
%patch110 -p1 -b .rh570851
bc5dde
%patch111 -p1 -b .exportlib
bc5dde
%patch112 -p1 -b .rh645544
bc5dde
%patch119 -p1 -b .rh693982
bc5dde
%patch123 -p1 -b .rh735103
964723
%patch124 -p1 -b .rh726120
bc5dde
%patch127 -p1 -b .forward
fd4b48
%patch130 -p1 -b .libdb
bc5dde
%patch131 -p1 -b .multlib-conflict
bc5dde
%patch137 -p1 -b .rrl
bc5dde
%patch138 -p1 -b .update
bc5dde
%patch139 -p1 -b .journal
bc5dde
%patch140 -p1 -b .send_buffers
fd4b48
%patch141 -p1 -b .leak_35073
fd4b48
%patch142 -p1 -b .rbt_crash
fd4b48
%patch143 -p1 -b .CVE-2014-059
d4e835
%patch144 -p1 -b .rh1067424
d4e835
%patch145 -p1 -b .rh1072379
d4e835
%patch146 -p1 -b .rh1098959
d4e835
%patch147 -p1 -b .CVE-2014-8500
c25660
%patch148 -p1 -b .CVE-2015-1349
d56ed2
%patch149 -p1 -b .rh1215687-limits
d56ed2
d56ed2
%patch150 -p1 -b .external_key
d56ed2
%patch151 -p1 -b .native_pkcs11
d56ed2
# http://cov01.lab.eng.brq.redhat.com/covscanhub/waiving/9377/
d56ed2
%patch153 -p1 -b .coverity_9377
d56ed2
%patch154 -p1 -b .rh1215164
d56ed2
%patch155 -p1 -b .nsupdate_realm
d56ed2
%patch156 -p1 -b .CVE-2015-4620
d56ed2
%patch157 -p1 -b .CVE-2015-5477
d56ed2
%patch158 -p1 -b .sock-maxevents
d56ed2
%patch159 -p1 -b .CVE-2015-5722
918839
%patch160 -p1 -b .CVE-2015-8000
e50659
%patch161 -p1 -b .CVE-2015-8704
b2eaff
%patch162 -p1 -b .CVE-2016-1285-CVE-2016-1286
310562
%patch163 -p1 -b .rh1291185
310562
%patch164 -p1 -b .rh1259514
310562
%patch165 -p1 -b .rh1306610-caa
c8cd03
%patch104 -p1 -b .dyndb
310562
310562
# GeoIP support
310562
%patch166 -p1 -b .rh1220594-geoip
310562
# extract the binary testing data
310562
tar -xf %{SOURCE48} -C bin/tests/system/geoip/data
310562
310562
%patch167 -p1 -b .rh1294506
310562
%patch168 -p1 -b .CVE-2016-2776
312153
%patch169 -p1 -b .CVE-2016-8864
578297
%patch170 -p1 -b .CVE-2016-9131
578297
%patch171 -p1 -b .CVE-2016-9147
578297
%patch172 -p1 -b .CVE-2016-9444
578297
%patch173 -p1 -b .rt43779
c8cd03
%patch174 -p1 -b .CVE-2016-2775
c8cd03
%patch175 -p1 -b .CVE-2017-3135
c8cd03
%patch176 -p1 -b .rt44318
c8cd03
%patch177 -p1 -b .rh1392362
c8cd03
%patch178 -p1 -b .coverity2
c8cd03
%patch179 -p1 -b .CVE-2017-3136
c8cd03
%patch180 -p1 -b .CVE-2017-3137
c8cd03
%patch181 -p1 -b .rh1416304
d10948
%patch182 -p1 -b .CVE-2017-3142+3143
964723
%patch183 -p1 -b .rh1472862
964723
%patch184 -p1 -b .rh1476013
964723
%patch185 -p1 -b .rh1470637-tests
964723
%patch186 -p1 -b .rh1470637
964723
%patch187 -p1 -b .rh1464850
964723
%patch188 -p1 -b .rh1464850
964723
%patch189 -p1 -b .rh1501531
964723
%patch190 -p1 -b .CVE-2017-3145
24159a
%patch191 -p1 -b .dnssec-keymgr
24159a
%patch192 -p1 -b .rh1452091
24159a
%patch193 -p1 -b .dnssec-keymgr-2
24159a
%patch194 -p1 -b .fips
24159a
%patch195 -p1 -b .fips-tests
24159a
%patch196 -p1 -b .rh1549130
24159a
%patch197 -p1 -b .rh1549130-2
24159a
%patch198 -p1 -b .CVE-2018-5740
a38b63
%patch199 -p1 -b .rh1647539
c2d1e6
c2d1e6
# Override upstream builtin keys
c2d1e6
cp -fp %{SOURCE29} bind.keys
d56ed2
d56ed2
%if %{PKCS11}
d56ed2
cp -r bin/named{,-pkcs11}
d56ed2
cp -r bin/dnssec{,-pkcs11}
d56ed2
cp -r lib/isc{,-pkcs11}
d56ed2
cp -r lib/dns{,-pkcs11}
d56ed2
cp -r lib/export/isc{,-pkcs11}
d56ed2
cp -r lib/export/dns{,-pkcs11}
d56ed2
%patch152 -p1 -b .dist_pkcs11
d56ed2
%endif
bc5dde
bc5dde
%if %{SDB}
bc5dde
%patch101 -p1 -b .old-api
bc5dde
mkdir bin/named-sdb
bc5dde
cp -r bin/named/* bin/named-sdb
bc5dde
%patch11 -p1 -b .sdbsrc
bc5dde
# SDB ldap
bc5dde
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb
bc5dde
# SDB postgreSQL
bc5dde
cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb
bc5dde
# SDB sqlite
bc5dde
cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb
bc5dde
# SDB Berkeley DB - needs to be ported to DB4!
bc5dde
#cp -fp contrib/sdb/bdb/bdb.[ch] bin/named_sdb
bc5dde
# SDB dir
bc5dde
cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb
bc5dde
# SDB tools
bc5dde
mkdir -p bin/sdb_tools
bc5dde
cp -fp %{SOURCE30} bin/sdb_tools/ldap2zone.c
bc5dde
cp -fp %{SOURCE7} bin/sdb_tools/Makefile.in
bc5dde
#cp -fp contrib/sdb/bdb/zone2bdb.c bin/sdb_tools
bc5dde
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools
bc5dde
cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
bc5dde
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
bc5dde
%patch12 -p1 -b .sdb
bc5dde
%endif
bc5dde
%if %{SDB}
bc5dde
%patch17 -p1 -b .fix_sdb_ldap
bc5dde
%endif
bc5dde
%if %{SDB}
bc5dde
%patch62 -p1 -b .sdb-sqlite-bld
bc5dde
%endif
bc5dde
%patch133 -p1 -b .rh640538
bc5dde
%patch134 -p1 -b .rh669163
bc5dde
%patch135 -p1 -b .libidn4
bc5dde
bc5dde
# Sparc and s390 arches need to use -fPIE
bc5dde
%ifarch sparcv9 sparc64 s390 s390x
bc5dde
for i in bin/named{,-sdb}/{,unix}/Makefile.in; do
bc5dde
  sed -i 's|fpie|fPIE|g' $i
bc5dde
done
bc5dde
%endif
bc5dde
bc5dde
:;
bc5dde
bc5dde
%build
bc5dde
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
bc5dde
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
bc5dde
export STD_CDEFINES="$CPPFLAGS"
bc5dde
bc5dde
sed -i -e \
bc5dde
's/RELEASEVER=\(.*\)/RELEASEVER=\1-RedHat-%{version}-%{release}/' \
bc5dde
version
bc5dde
bc5dde
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
bc5dde
bc5dde
%configure \
bc5dde
  --with-libtool \
bc5dde
  --localstatedir=/var \
bc5dde
  --enable-threads \
310562
  --with-geoip \
bc5dde
  --enable-ipv6 \
fd4b48
  --enable-filter-aaaa \
bc5dde
  --enable-rrl \
bc5dde
  --with-pic \
bc5dde
  --disable-static \
bc5dde
  --disable-openssl-version-check \
bc5dde
  --enable-exportlib \
bc5dde
  --with-export-libdir=%{_libdir} \
bc5dde
  --with-export-includedir=%{_includedir} \
bc5dde
  --includedir=%{_includedir}/bind9 \
bc5dde
%if %{PKCS11}
d56ed2
  --enable-native-pkcs11 \
d56ed2
  --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
bc5dde
%endif
bc5dde
%if %{SDB}
d4e835
  --with-dlopen=yes \
bc5dde
  --with-dlz-ldap=yes \
bc5dde
  --with-dlz-postgres=yes \
bc5dde
  --with-dlz-mysql=yes \
bc5dde
  --with-dlz-filesystem=yes \
bc5dde
  --with-dlz-bdb=yes \
bc5dde
%endif
bc5dde
%if %{GSSTSIG}
bc5dde
  --with-gssapi=yes \
bc5dde
  --disable-isc-spnego \
bc5dde
%endif
bc5dde
  --enable-fixed-rrset \
964723
  --with-tuning=large \
bc5dde
  --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
bc5dde
;
bc5dde
make %{?_smp_mflags}
bc5dde
bc5dde
# Regenerate dig.1 manpage
bc5dde
pushd bin/dig
bc5dde
make man
bc5dde
popd
bc5dde
pushd bin/python
bc5dde
make man
bc5dde
popd
bc5dde
bc5dde
%if %{test}
bc5dde
%check
bc5dde
if [ "`whoami`" = 'root' ]; then
bc5dde
  set -e
bc5dde
  chmod -R a+rwX .
bc5dde
  pushd bin/tests
bc5dde
  pushd system
bc5dde
  ./ifconfig.sh up
bc5dde
  popd
bc5dde
  make test
bc5dde
  e=$?
bc5dde
  pushd system
bc5dde
  ./ifconfig.sh down
bc5dde
  popd
bc5dde
  popd
bc5dde
  if [ "$e" -ne 0 ]; then
bc5dde
    echo "ERROR: this build of BIND failed 'make test'. Aborting."
bc5dde
    exit $e;
bc5dde
  fi;
bc5dde
else
bc5dde
  echo 'only root can run the tests (they require an ifconfig).'
bc5dde
%endif
bc5dde
bc5dde
%install
bc5dde
rm -rf ${RPM_BUILD_ROOT}
bc5dde
bc5dde
# Build directory hierarchy
310562
mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d
bc5dde
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}
bc5dde
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/run/named
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/var/log
bc5dde
bc5dde
#chroot
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/{dev,etc,var,run/named}
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/var/{log,named,tmp}
fd4b48
fd4b48
# create symlink as it is on real filesystem
fd4b48
pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var
fd4b48
ln -s ../run run
fd4b48
popd
fd4b48
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/{pki/dnssec-keys,named}
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/%{_libdir}/bind
bc5dde
# these are required to prevent them being erased during upgrade of previous
bc5dde
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/dev/null
bc5dde
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/dev/random
bc5dde
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/dev/zero
bc5dde
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/named.conf
bc5dde
#end chroot
bc5dde
fd4b48
#sdb-chroot
fd4b48
%if %{SDB}
fd4b48
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/{dev,etc,var,run/named}
fd4b48
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var/{log,named,tmp}
fd4b48
fd4b48
# create symlink as it is on real filesystem
fd4b48
pushd ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var
fd4b48
ln -s ../run run
fd4b48
popd
fd4b48
fd4b48
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/{pki/dnssec-keys,named}
fd4b48
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/%{_libdir}/bind
fd4b48
# these are required to prevent them being erased during upgrade of previous
fd4b48
touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/dev/null
fd4b48
touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/dev/random
fd4b48
touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/dev/zero
fd4b48
touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/named.conf
fd4b48
%endif
fd4b48
#end sdb-chroot
fd4b48
bc5dde
make DESTDIR=${RPM_BUILD_ROOT} install
bc5dde
bc5dde
# Remove unwanted files
bc5dde
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
bc5dde
bc5dde
# Systemd unit files
bc5dde
mkdir -p ${RPM_BUILD_ROOT}%{_unitdir}
bc5dde
install -m 644 %{SOURCE37} ${RPM_BUILD_ROOT}%{_unitdir}
bc5dde
install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
fd4b48
install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
fd4b48
install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}
fd4b48
bc5dde
%if %{SDB}
bc5dde
install -m 644 %{SOURCE39} ${RPM_BUILD_ROOT}%{_unitdir}
bc5dde
install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir}
fd4b48
install -m 644 %{SOURCE45} ${RPM_BUILD_ROOT}%{_unitdir}
fd4b48
%endif
d56ed2
%if %{PKCS11}
d56ed2
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
d56ed2
%endif
bc5dde
bc5dde
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
bc5dde
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
bc5dde
install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
bc5dde
bc5dde
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
bc5dde
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
bc5dde
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
bc5dde
%if %{SDB}
bc5dde
mkdir -p ${RPM_BUILD_ROOT}/etc/openldap/schema
bc5dde
install -m 644 %{SOURCE8} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
bc5dde
install -m 644 %{SOURCE12} contrib/sdb/pgsql/
bc5dde
%endif
bc5dde
bc5dde
# Install isc/errno2result.h header
bc5dde
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/isc
bc5dde
bc5dde
# Files required to run test-suite outside of build tree:
bc5dde
cp -fp config.h ${RPM_BUILD_ROOT}/%{_includedir}/bind9
bc5dde
cp -fp lib/dns/include/dns/forward.h ${RPM_BUILD_ROOT}/%{_includedir}/dns
bc5dde
cp -fp lib/isc/unix/include/isc/keyboard.h ${RPM_BUILD_ROOT}/%{_includedir}/isc
bc5dde
bc5dde
# Remove libtool .la files:
bc5dde
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
bc5dde
bc5dde
# Remove -devel files out of buildroot if not needed
bc5dde
%if !%{DEVEL}
bc5dde
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/bind9/*so
bc5dde
rm -rf ${RPM_BUILD_ROOT}/%{_includedir}/bind9
bc5dde
rm -f ${RPM_BUILD_ROOT}/%{_mandir}/man1/isc-config.sh.1*
bc5dde
rm -f ${RPM_BUILD_ROOT}/%{_mandir}/man3/lwres*
bc5dde
rm -f ${RPM_BUILD_ROOT}/%{_bindir}/isc-config.sh
bc5dde
%endif
bc5dde
bc5dde
# SDB manpages
bc5dde
%if %{SDB}
bc5dde
install -m 644 %{SOURCE31} ${RPM_BUILD_ROOT}%{_mandir}/man1/ldap2zone.1
bc5dde
install -m 644 %{SOURCE32} ${RPM_BUILD_ROOT}%{_mandir}/man8/named-sdb.8
bc5dde
install -m 644 %{SOURCE33} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1
bc5dde
install -m 644 %{SOURCE34} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1
bc5dde
%endif
bc5dde
d56ed2
# PKCS11 versions manpages
d56ed2
%if %{PKCS11}
d56ed2
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
d56ed2
ln -s named.8.gz named-pkcs11.8.gz
d56ed2
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
d56ed2
ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz
d56ed2
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
d56ed2
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
d56ed2
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
d56ed2
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
d56ed2
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
d56ed2
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
d56ed2
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
964723
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
d56ed2
popd
d56ed2
%endif
d56ed2
bc5dde
# Ghost config files:
bc5dde
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
bc5dde
bc5dde
# configuration files:
bc5dde
tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}
bc5dde
touch ${RPM_BUILD_ROOT}/etc/rndc.key
bc5dde
touch ${RPM_BUILD_ROOT}/etc/rndc.conf
bc5dde
mkdir ${RPM_BUILD_ROOT}/etc/named
24159a
install -m 640 %{SOURCE26} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
bc5dde
install -m 644 bind.keys ${RPM_BUILD_ROOT}/etc/named.iscdlv.key
bc5dde
install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}/etc/trusted-key.key
bc5dde
bc5dde
# sample bind configuration files for %%doc:
bc5dde
mkdir -p sample/etc sample/var/named/{data,slaves}
bc5dde
install -m 644 %{SOURCE25} sample/etc/named.conf
bc5dde
# Copy default configuration to %%doc to make it usable from system-config-bind
24159a
install -m 644 %{SOURCE26} named.conf.default
bc5dde
install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones
bc5dde
install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty}  sample/var/named
bc5dde
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do 
bc5dde
  echo '@ in soa localhost. root 1 3H 15M 1W 1D
bc5dde
  ns localhost.' > sample/var/named/$f; 
bc5dde
done
bc5dde
:;
bc5dde
d56ed2
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
d56ed2
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
bc5dde
fd4b48
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
fd4b48
install -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
fd4b48
bc5dde
%pre
bc5dde
if [ "$1" -eq 1 ]; then
bc5dde
  /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
24159a
  /usr/sbin/useradd  -u %{bind_uid} -r -N -M -g named -s /bin/false -d /var/named -c Named named >/dev/null 2>&1 || :;
bc5dde
fi;
bc5dde
:;
bc5dde
bc5dde
%post
bc5dde
/sbin/ldconfig
bc5dde
if [ "$1" -eq 1 ]; then
bc5dde
  # Initial installation
bc5dde
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
bc5dde
  # rndc.key has to have correct perms and ownership, CVE-2007-6283
bc5dde
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
bc5dde
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
24159a
else
24159a
  # Upgrade, use invalid shell
24159a
  if getent passwd named | grep ':/sbin/nologin$' >/dev/null; then
24159a
    usermod -s /bin/false named
24159a
  fi
bc5dde
fi
24159a
%systemd_post named.service
bc5dde
:;
bc5dde
bc5dde
%preun
bc5dde
# Package removal, not upgrade
bc5dde
%systemd_preun named.service
bc5dde
bc5dde
%postun
bc5dde
/sbin/ldconfig
bc5dde
%systemd_postun_with_restart named.service
24159a
# Unset on both upgrade and install. Boolean would be unset from now
24159a
# until %posttrans on upgrade. Write requests might fail during update.
24159a
(export LC_ALL=C; %{selinux_unset_booleans %{selinuxbooleans}})
24159a
24159a
%posttrans
24159a
# selinux-policy-targeted is required for following macro to work.
24159a
# This package should not depend on it explicitly, but anaconda ensures
24159a
# it is installed. Run after all packages are installed.
24159a
(export LC_ALL=C; %{selinux_set_booleans %{selinuxbooleans}})
bc5dde
bc5dde
%if %{SDB}
bc5dde
%post sdb
bc5dde
# Initial installation 
bc5dde
%systemd_post named-sdb.service
bc5dde
bc5dde
%preun sdb
bc5dde
# Package removal, not upgrade
bc5dde
%systemd_preun named-sdb.service
bc5dde
bc5dde
%postun sdb
bc5dde
# Package upgrade, not uninstall
bc5dde
%systemd_postun_with_restart named-sdb.service
bc5dde
%endif
bc5dde
d56ed2
%if %{PKCS11}
d56ed2
%post pkcs11
d56ed2
# Initial installation
d56ed2
%systemd_post named-pkcs11.service
d56ed2
d56ed2
%preun pkcs11
d56ed2
# Package removal, not upgrade
d56ed2
%systemd_preun named-pkcs11.service
d56ed2
d56ed2
%postun pkcs11
d56ed2
# Package upgrade, not uninstall
d56ed2
%systemd_postun_with_restart named-pkcs11.service
d56ed2
%endif
d56ed2
bc5dde
%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
bc5dde
if [ "$1" -gt 0 ]; then
bc5dde
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
bc5dde
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
bc5dde
fi
bc5dde
:;
bc5dde
d4e835
%triggerun -- bind < 32:9.9.0-0.6.rc1
bc5dde
/sbin/chkconfig --del named >/dev/null 2>&1 || :
bc5dde
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
bc5dde
bc5dde
%post libs -p /sbin/ldconfig
bc5dde
bc5dde
%postun libs -p /sbin/ldconfig
bc5dde
bc5dde
%post libs-lite -p /sbin/ldconfig
bc5dde
bc5dde
%postun libs-lite -p /sbin/ldconfig
bc5dde
d4e835
%pre chroot
d4e835
# updating
d4e835
if [ "$1" -gt 1 ]; then
d4e835
    # if %%{chroot_prefix}/var/run is a directory, remove it
d4e835
    # fix for Bug #1091341
d4e835
    if [ -d %{chroot_prefix}/var/run ]; then
d4e835
        rm -rf %{chroot_prefix}/var/run
d4e835
    fi
d4e835
fi
d4e835
bc5dde
%post chroot
bc5dde
%systemd_post named-chroot.service
bc5dde
if [ "$1" -gt 0 ]; then
bc5dde
  [ -e %{chroot_prefix}/dev/random ] || \
bc5dde
    /bin/mknod %{chroot_prefix}/dev/random c 1 8
bc5dde
  [ -e %{chroot_prefix}/dev/zero ] || \
bc5dde
    /bin/mknod %{chroot_prefix}/dev/zero c 1 5
bc5dde
  [ -e %{chroot_prefix}/dev/null ] || \
bc5dde
    /bin/mknod %{chroot_prefix}/dev/null c 1 3
bc5dde
fi;
bc5dde
:;
bc5dde
bc5dde
%posttrans chroot
bc5dde
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
bc5dde
  [ -x /sbin/restorecon ] && /sbin/restorecon %{chroot_prefix}/dev/* > /dev/null 2>&1;
bc5dde
fi;
bc5dde
:;
bc5dde
bc5dde
%preun chroot
bc5dde
%systemd_preun named-chroot.service 
bc5dde
if [ "$1" -eq 0 ]; then
bc5dde
  # Package removal, not upgrade
bc5dde
  rm -f %{chroot_prefix}/dev/{random,zero,null}
bc5dde
fi
bc5dde
:;
bc5dde
bc5dde
%postun chroot
bc5dde
# Package upgrade, not uninstall
bc5dde
%systemd_postun_with_restart named-chroot.service
fd4b48
fd4b48
fd4b48
%if %{SDB}
fd4b48
fd4b48
%post sdb-chroot
fd4b48
%systemd_post named-sdb-chroot.service
fd4b48
if [ "$1" -gt 0 ]; then
fd4b48
  [ -e %{chroot_sdb_prefix}/dev/random ] || \
fd4b48
    /bin/mknod %{chroot_sdb_prefix}/dev/random c 1 8
fd4b48
  [ -e %{chroot_sdb_prefix}/dev/zero ] || \
fd4b48
    /bin/mknod %{chroot_sdb_prefix}/dev/zero c 1 5
fd4b48
  [ -e %{chroot_sdb_prefix}/dev/null ] || \
fd4b48
    /bin/mknod %{chroot_sdb_prefix}/dev/null c 1 3
fd4b48
fi;
fd4b48
:;
fd4b48
fd4b48
%posttrans sdb-chroot
fd4b48
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
fd4b48
  [ -x /sbin/restorecon ] && /sbin/restorecon %{chroot_sdb_prefix}/dev/* > /dev/null 2>&1;
fd4b48
fi;
fd4b48
:;
fd4b48
fd4b48
%preun sdb-chroot
fd4b48
%systemd_preun named-sdb-chroot.service 
fd4b48
if [ "$1" -eq 0 ]; then
fd4b48
  # Package removal, not upgrade
fd4b48
  rm -f %{chroot_sdb_prefix}/dev/{random,zero,null}
fd4b48
fi
fd4b48
:;
fd4b48
fd4b48
%postun sdb-chroot
fd4b48
# Package upgrade, not uninstall
bc5dde
%systemd_postun_with_restart named-sdb-chroot.service
bc5dde
fd4b48
%endif
fd4b48
bc5dde
%clean
bc5dde
rm -rf ${RPM_BUILD_ROOT}
bc5dde
:;
bc5dde
bc5dde
%files
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_libdir}/bind
bc5dde
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
bc5dde
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.iscdlv.key
bc5dde
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
d56ed2
%{_tmpfilesdir}/named.conf
fd4b48
%{_sysconfdir}/rwtab.d/named
bc5dde
%{_unitdir}/named.service
fd4b48
%{_unitdir}/named-setup-rndc.service
bc5dde
%{_sbindir}/arpaname
bc5dde
%{_sbindir}/ddns-confgen
bc5dde
%{_sbindir}/genrandom
bc5dde
%{_sbindir}/named-journalprint
bc5dde
%{_sbindir}/nsec3hash
bc5dde
%{_sbindir}/dnssec*
d56ed2
%exclude %{_sbindir}/dnssec*pkcs11
bc5dde
%{_sbindir}/named-check*
bc5dde
%{_sbindir}/lwresd
bc5dde
%{_sbindir}/named
bc5dde
%{_sbindir}/rndc*
bc5dde
%{_sbindir}/named-compilezone
bc5dde
%{_sbindir}/isc-hmac-fixup
bc5dde
%{_libexecdir}/generate-rndc-key.sh
24159a
%{python_sitelib}/isc/
24159a
%{python_sitelib}/*.egg-info
bc5dde
%{_mandir}/man1/arpaname.1*
bc5dde
%{_mandir}/man5/named.conf.5*
bc5dde
%{_mandir}/man5/rndc.conf.5*
bc5dde
%{_mandir}/man8/rndc.8*
bc5dde
%{_mandir}/man8/named.8*
bc5dde
%{_mandir}/man8/lwresd.8*
bc5dde
%{_mandir}/man8/dnssec*.8*
d56ed2
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
bc5dde
%{_mandir}/man8/named-checkconf.8*
bc5dde
%{_mandir}/man8/named-checkzone.8*
bc5dde
%{_mandir}/man8/named-compilezone.8*
bc5dde
%{_mandir}/man8/rndc-confgen.8*
bc5dde
%{_mandir}/man8/ddns-confgen.8*
bc5dde
%{_mandir}/man8/genrandom.8*
bc5dde
%{_mandir}/man8/named-journalprint.8*
bc5dde
%{_mandir}/man8/nsec3hash.8*
bc5dde
%{_mandir}/man8/isc-hmac-fixup.8*
bc5dde
%doc CHANGES README named.conf.default
bc5dde
%doc doc/arm/*html doc/arm/*pdf
bc5dde
%doc sample/
bc5dde
bc5dde
# Hide configuration
bc5dde
%defattr(0640,root,named,0750)
bc5dde
%dir %{_sysconfdir}/named
bc5dde
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
bc5dde
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
24159a
%defattr(0660,root,named,01770)
24159a
%dir %{_localstatedir}/named
bc5dde
%defattr(0660,named,named,0770)
bc5dde
%dir %{_localstatedir}/named/slaves
bc5dde
%dir %{_localstatedir}/named/data
bc5dde
%dir %{_localstatedir}/named/dynamic
bc5dde
%ghost %{_localstatedir}/log/named.log
bc5dde
%defattr(0640,root,named,0750)
24159a
%config %verify(not link) %{_localstatedir}/named/named.ca
24159a
%config %verify(not link) %{_localstatedir}/named/named.localhost
24159a
%config %verify(not link) %{_localstatedir}/named/named.loopback
24159a
%config %verify(not link) %{_localstatedir}/named/named.empty
bc5dde
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
bc5dde
# ^- rndc.key now created on first install only if it does not exist
bc5dde
# %%verify(not size,not md5) %%config(noreplace) %%attr(0640,root,named) /etc/rndc.conf
bc5dde
# ^- Let the named internal default rndc.conf be used -
bc5dde
#    rndc.conf not required unless it differs from default.
bc5dde
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
bc5dde
# ^- The default rndc.conf which uses rndc.key is in named's default internal config -
bc5dde
#    so rndc.conf is not necessary.
bc5dde
%config(noreplace) %{_sysconfdir}/logrotate.d/named
bc5dde
%defattr(-,named,named,-)
bc5dde
%dir /run/named
bc5dde
bc5dde
%if %{SDB}
bc5dde
%files sdb
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_unitdir}/named-sdb.service
bc5dde
%{_mandir}/man1/zone2ldap.1*
bc5dde
%{_mandir}/man1/ldap2zone.1*
bc5dde
%{_mandir}/man1/zonetodb.1*
bc5dde
%{_mandir}/man1/zone2sqlite.1*
bc5dde
%{_mandir}/man8/named-sdb.8*
bc5dde
%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql
bc5dde
%dir %{_sysconfdir}/openldap/schema
bc5dde
%config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema
bc5dde
%{_sbindir}/named-sdb
bc5dde
%{_sbindir}/zone2ldap
bc5dde
%{_sbindir}/ldap2zone
bc5dde
%{_sbindir}/zonetodb
bc5dde
%{_sbindir}/zone2sqlite
bc5dde
%endif
bc5dde
bc5dde
%files libs
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_libdir}/*so.*
bc5dde
%exclude %{_libdir}/*export.so.*
d56ed2
%exclude %{_libdir}/*pkcs11.so.*
d56ed2
%exclude %{_libdir}/*pkcs11-export.so.*
bc5dde
bc5dde
%files libs-lite
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_libdir}/*export.so.*
d56ed2
%exclude %{_libdir}/*pkcs11-export.so.*
bc5dde
bc5dde
%files license
bc5dde
%defattr(-,root,root,-)
bc5dde
%doc COPYRIGHT
bc5dde
bc5dde
%files utils
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_bindir}/dig
bc5dde
%{_bindir}/host
bc5dde
%{_bindir}/nslookup
bc5dde
%{_bindir}/nsupdate
bc5dde
%{_mandir}/man1/host.1*
bc5dde
%{_mandir}/man1/nsupdate.1*
bc5dde
%{_mandir}/man1/dig.1*
bc5dde
%{_mandir}/man1/nslookup.1*
bc5dde
%{_sysconfdir}/trusted-key.key
bc5dde
bc5dde
%if %{DEVEL}
bc5dde
%files devel
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_libdir}/*so
bc5dde
%exclude %{_libdir}/*export.so
d56ed2
%exclude %{_libdir}/*pkcs11.so
d56ed2
%exclude %{_libdir}/*pkcs11-export.so
bc5dde
%{_includedir}/bind9
d56ed2
%exclude %{_includedir}/bind9/pkcs11
d56ed2
%exclude %{_includedir}/bind9/pk11
bc5dde
%{_mandir}/man1/isc-config.sh.1*
bc5dde
%{_mandir}/man3/lwres*
bc5dde
%{_bindir}/isc-config.sh
bc5dde
%endif
bc5dde
bc5dde
%files lite-devel
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_libdir}/*export.so
d56ed2
%exclude %{_libdir}/*pkcs11-export.so
bc5dde
%{_includedir}/dns
bc5dde
%{_includedir}/dst
bc5dde
%{_includedir}/irs
bc5dde
%{_includedir}/isc
bc5dde
%{_includedir}/isccfg
bc5dde
bc5dde
%files chroot
bc5dde
%defattr(-,root,root,-)
bc5dde
%{_unitdir}/named-chroot.service
fd4b48
%{_unitdir}/named-chroot-setup.service
bc5dde
%{_libexecdir}/setup-named-chroot.sh
bc5dde
%ghost %{chroot_prefix}/dev/null
bc5dde
%ghost %{chroot_prefix}/dev/random
bc5dde
%ghost %{chroot_prefix}/dev/zero
bc5dde
%defattr(0640,root,named,0750)
bc5dde
%dir %{chroot_prefix}
bc5dde
%dir %{chroot_prefix}/dev
bc5dde
%dir %{chroot_prefix}/etc
bc5dde
%dir %{chroot_prefix}/etc/named
bc5dde
%dir %{chroot_prefix}/etc/pki
bc5dde
%dir %{chroot_prefix}/etc/pki/dnssec-keys
bc5dde
%dir %{chroot_prefix}/var
bc5dde
%dir %{chroot_prefix}/run
bc5dde
%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
c8cd03
%defattr(-,root,root,-)
c8cd03
%dir %{chroot_prefix}/usr
c8cd03
%dir %{chroot_prefix}/%{_libdir}
c8cd03
%dir %{chroot_prefix}/%{_libdir}/bind
24159a
%defattr(0660,root,named,01770)
24159a
%dir %{chroot_prefix}/var/named
bc5dde
%defattr(0660,named,named,0770)
bc5dde
%dir %{chroot_prefix}/var/tmp
bc5dde
%dir %{chroot_prefix}/var/log
c8cd03
%defattr(-,named,named,-)
c8cd03
%dir %{chroot_prefix}/run/named
fd4b48
%{chroot_prefix}/var/run
bc5dde
fd4b48
%if %{SDB}
fd4b48
%files sdb-chroot
fd4b48
%defattr(-,root,root,-)
fd4b48
%{_unitdir}/named-sdb-chroot.service
fd4b48
%{_unitdir}/named-sdb-chroot-setup.service
fd4b48
%{_libexecdir}/setup-named-chroot.sh
fd4b48
%ghost %{chroot_sdb_prefix}/dev/null
fd4b48
%ghost %{chroot_sdb_prefix}/dev/random
fd4b48
%ghost %{chroot_sdb_prefix}/dev/zero
fd4b48
%defattr(0640,root,named,0750)
fd4b48
%dir %{chroot_sdb_prefix}
fd4b48
%dir %{chroot_sdb_prefix}/dev
fd4b48
%dir %{chroot_sdb_prefix}/etc
fd4b48
%dir %{chroot_sdb_prefix}/etc/named
fd4b48
%dir %{chroot_sdb_prefix}/etc/pki
fd4b48
%dir %{chroot_sdb_prefix}/etc/pki/dnssec-keys
fd4b48
%dir %{chroot_sdb_prefix}/var
fd4b48
%dir %{chroot_sdb_prefix}/run
fd4b48
%ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
24159a
%defattr(0660,root,named,01770)
24159a
%dir %{chroot_sdb_prefix}/var/named
c8cd03
%defattr(-,root,root,-)
c8cd03
%dir %{chroot_sdb_prefix}/usr
c8cd03
%dir %{chroot_sdb_prefix}/%{_libdir}
c8cd03
%dir %{chroot_sdb_prefix}/%{_libdir}/bind
fd4b48
%defattr(0660,named,named,0770)
fd4b48
%dir %{chroot_sdb_prefix}/var/tmp
fd4b48
%dir %{chroot_sdb_prefix}/var/log
c8cd03
%defattr(-,named,named,-)
c8cd03
%dir %{chroot_sdb_prefix}/run/named
fd4b48
%{chroot_sdb_prefix}/var/run
fd4b48
%endif
fd4b48
bc5dde
%if %{PKCS11}
bc5dde
%files pkcs11
bc5dde
%defattr(-,root,root,-)
d56ed2
%{_sbindir}/named-pkcs11
d56ed2
%{_unitdir}/named-pkcs11.service
d56ed2
%{_mandir}/man8/named-pkcs11.8*
d56ed2
d56ed2
%files pkcs11-utils
d56ed2
%defattr(-,root,root,-)
d56ed2
%{_sbindir}/dnssec*pkcs11
bc5dde
%{_sbindir}/pkcs11-destroy
bc5dde
%{_sbindir}/pkcs11-keygen
bc5dde
%{_sbindir}/pkcs11-list
d56ed2
%{_sbindir}/pkcs11-tokens
d56ed2
%{_mandir}/man8/pkcs11*.8*
d56ed2
%{_mandir}/man8/dnssec*-pkcs11.8*
d56ed2
d56ed2
%files pkcs11-libs
d56ed2
%defattr(-,root,root,-)
d56ed2
%{_libdir}/*pkcs11.so.*
d56ed2
%{_libdir}/*pkcs11-export.so.*
d56ed2
d56ed2
%files pkcs11-devel
d56ed2
%defattr(-,root,root,-)
d56ed2
%{_includedir}/bind9/pk11
d56ed2
%{_includedir}/bind9/pkcs11
d56ed2
%{_libdir}/*pkcs11.so
d56ed2
%{_libdir}/*pkcs11-export.so
d56ed2
bc5dde
%endif
bc5dde
bc5dde
%changelog
a38b63
* Fri Nov 23 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-73
a38b63
- Fixes debug level comments (#1647539)
a38b63
24159a
* Thu Sep 20 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-72
24159a
- Fix automatic selinux boolean named_write_master_zones (#1569466)
24159a
- Allow starting named with readonly home again
24159a
24159a
* Wed Aug 08 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-71
f51a71
- Fix CVE-2018-5740
f51a71
24159a
* Sun Jun 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-70
24159a
- Fix compiler warnings
24159a
24159a
* Thu Jun 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-69
24159a
- Refetch always records with TTL 0 (#1549130)
24159a
24159a
* Thu Jun 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-68
24159a
- Detect and disable MD5 functions in FIPS 140-2 mode (#1519306)
24159a
24159a
* Thu Jun 14 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-67
24159a
- Move change of dns_view_t to the end (#1452091)
24159a
24159a
* Fri Jun 01 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-66
24159a
- Correct recursing file name (#1435883)
24159a
- Use python binary again, install all modules (#1510008)
24159a
24159a
* Thu May 31 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-65
24159a
- Add rndc secroots and recursing output files into data (#1435883)
24159a
24159a
* Mon May 28 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-64
24159a
- Backported negative trust anchors (#1452091)
24159a
24159a
* Mon May 28 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-63
24159a
- Make named home writeable (#1569466)
24159a
- Change named shell to /bin/false
24159a
24159a
* Tue May 22 2018 Martin Sehnoutka <msehnout@redhat.com> - 32:9.9.4-62
24159a
- Resolves: #1510008 - add support for dnssec-keymgr
24159a
964723
* Tue Jan 16 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-61
497f76
- Fix CVE-2017-3145
497f76
964723
* Tue Dec 05 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-60
964723
- Fix regression caused by bug #1470637
964723
964723
* Mon Nov 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-59
964723
- Support for additional signing algorithms in rndc (#1501531)
964723
- New autogenerated rndc keys will use hmac-sha256 algorithm
964723
964723
* Tue Oct 31 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-58
964723
- Fix multilib regression in headers
964723
964723
* Mon Oct 30 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-57
964723
- Add with-tunning=large support (#rh1464850)
964723
964723
* Thu Oct 19 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-56
964723
- Fix named-chroot restart leak (#1503646)
964723
964723
* Thu Oct 12 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-55
964723
- Handle dig timeouts the same way as upstream (#1470637)
964723
964723
* Wed Oct 11 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-54
964723
- Do not use next search domain on timeout from dig (#1470637)
964723
964723
* Tue Aug 01 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-53
964723
- Fixed TSIG validation of AXFR and IXFR (#1476013)
964723
964723
* Fri Jul 07 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-52
964723
- Add missing manual for dnssec-importkey (#1472862)
4e17de
d10948
* Thu Jun 29 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-51
d10948
- Fix CVE-2017-3142 and CVE-2017-3143
d10948
c8cd03
* Mon May 22 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-50
c8cd03
- Update root servers and trust anchor (#1452635)
c2d1e6
c8cd03
* Thu Apr 20 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-49
c8cd03
- Address deadlock between view.c and adb.c (#1416304)
c2d1e6
c8cd03
* Tue Apr 11 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-48
a3e803
- Fix CVE-2017-3136 (ISC change 4575)
a3e803
- Fix CVE-2017-3137 (ISC change 4578)
a3e803
c8cd03
* Wed Mar 29 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-47
c8cd03
- Simplify change of used config file, point to KB article (#1271315)
c8cd03
c8cd03
* Tue Mar 28 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-46
c8cd03
- Make comment how to use different config file (#1271315)
c8cd03
c8cd03
* Thu Mar 16 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-45
c8cd03
- Install again dns/dlz.h skipped in rebase
c8cd03
- Fixed coverity warnings on reenabled test dlzexternal
c8cd03
c8cd03
* Tue Mar 14 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-44
c8cd03
- Backported new upstream dyndb interface, removed dynamic_db (#1393886)
c8cd03
c8cd03
* Mon Feb 27 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-43
c8cd03
- Do not warn on WKS patch (#1392362)
c8cd03
c8cd03
* Tue Feb 21 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-42
c8cd03
- Support WKS records in chroot
c8cd03
c8cd03
* Wed Feb 08 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-41
7e32a4
- Fix CVE-2017-3135 (ISC change 4557)
7e32a4
- Fix and test caching CNAME before DNAME (ISC change 4558)
7e32a4
c8cd03
* Fri Jan 20 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-40
c8cd03
- Fix possible infinite loop in start_lookup (CVE-2016-2775)
c8cd03
- Do not change lib permissions in chroot (#1392531)
c8cd03
c8cd03
* Mon Jan 09 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-39
578297
- Fix CVE-2016-9131 (ISC change 4508)
578297
- Fix CVE-2016-9147 (ISC change 4510)
578297
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)
578297
- Fix CVE-2016-9444 (ISC change 4517)
578297
312153
* Mon Oct 31 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-38
312153
- Fix CVE-2016-8864
312153
310562
* Fri Sep 23 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-37
97004c
- Fix CVE-2016-2776
97004c
310562
* Wed May 11 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-36
310562
- Added automatic interface scan functionality (#1294506)
310562
- Removed NetworkManager dispatcher script since it is not needed any more (#1294506)
310562
310562
* Wed Apr 13 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-35
310562
- Added GeoIP support (#1220594)
310562
310562
* Fri Apr 01 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-34
310562
- Added support for CAA records (#1306610)
310562
- Use HTTPS URL instead of FTP for upstream sources (#1319280)
310562
310562
* Tue Mar 22 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-33
310562
- Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1291185)
310562
- Fix error in internal test suite (#1259514)
310562
- Fix named-checkconf call in *-chroot.service files (#1278082)
310562
- Fix incorrect path in BIND sample configuration and added comment to default configuration (#1247502)
310562
310562
* Tue Mar 08 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-32
b2eaff
- Fix CVE-2016-1285 and CVE-2016-1286
b2eaff
310562
* Mon Jan 18 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-31
e50659
- Fix CVE-2015-8704
e50659
310562
* Mon Dec 14 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-30
918839
- Fix CVE-2015-8000
918839
d56ed2
* Wed Sep 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29
d56ed2
- Fix CVE-2015-5722
4be90d
d56ed2
* Wed Aug 05 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-28
d56ed2
- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1235609)
d56ed2
d56ed2
* Tue Jul 28 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-27
aedf60
- Fix CVE-2015-5477
aedf60
d56ed2
* Wed Jul 08 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-26
6e2ae0
- Fix CVE-2015-4620
6e2ae0
d56ed2
* Tue Jul 07 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-25
d56ed2
- Fixed nsupdate realm auto-detection (#1214827)
d56ed2
d56ed2
* Mon Jun 29 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-24
d56ed2
- Reintroduce the DISABLE_ZONE_CHECKING into /etc/sysconfig/named (#1236475)
d56ed2
d56ed2
* Mon Jun 01 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-23
d56ed2
- Don't copy /etc/localtime on -chroot package installation (#1186773)
d56ed2
- Fix SPF resource records check to comply with RFC7208 (#1215164)
d56ed2
- Don't use ISC's DLV by default (#1223336)
d56ed2
d56ed2
* Fri May 22 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-22
d56ed2
- Add version specific requires on bind for bind-pkcs11 (Related: #1097753)
d56ed2
- Resolve issues found by static analysis (Related: #1097753)
d56ed2
d56ed2
* Thu May 21 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-21
d56ed2
- Added native PKCS#11 functionality (#1097753)
d56ed2
d56ed2
* Wed May 20 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-20
d56ed2
- DNS resolution failure in high load environment with SERVFAIL and "out of memory/success" in the log (#1221180)
d56ed2
d56ed2
* Thu May 14 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-19
d56ed2
- Install config for tmpfiles under %%{_tmpfilesdir} (#1180976)
d56ed2
- Fixed systemctl path in logrotate configuration (#1164264)
d56ed2
- remove information about system-config-bind from named.8 man page (#1152066)
d56ed2
c25660
* Mon Mar 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18.1
c25660
- Fix CVE-2015-1349
c25660
d4e835
* Wed Dec 10 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18
d4e835
- Fix CVE-2014-8500 (#1171976)
d4e835
d4e835
* Thu Sep 18 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-17
d4e835
- Fix error in dyndb API that can cause named to freeze on shutdown (#1142150)
d4e835
- Fix error in triggerun scriptlet (#1143033)
d4e835
- Remove /var/named/chroot/var/run on bind-chroot update if it is a directory (#1091341)
d4e835
d4e835
* Thu Aug 21 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-16
d4e835
- Add versioned requires on bind-libs to bind-utils and bind-sdb
d4e835
d4e835
* Wed Aug 20 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-15
d4e835
- Use /dev/urandom when generating rndc.key file (#1107568)
d4e835
- Allow authentication using TSIG in allow-notify configuration statement (#1067424)
d4e835
- Fix race condition when destroying a resolver fetch object (#1072379)
d4e835
- Increase defaults for lwresd workers and make workers and client objects number configurable (#1098959)
d4e835
- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#1096688)
5c48e4
fd4b48
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 32:9.9.4-14
fd4b48
- Mass rebuild 2014-01-24
fd4b48
fd4b48
* Wed Jan 15 2014 Honza Horak <hhorak@redhat.com> - 32:9.9.4-13
fd4b48
- Rebuild for mariadb-libs
fd4b48
  Related: #1045013
fd4b48
fd4b48
* Tue Jan 14 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.4-12
fd4b48
- Fix CVE-2014-0591
fd4b48
fd4b48
* Mon Jan 06 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.4-11
fd4b48
- Build against libdb instead of libdb4 (#1044990)
fd4b48
fd4b48
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 32:9.9.4-10
fd4b48
- Mass rebuild 2013-12-27
fd4b48
fd4b48
* Wed Dec 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-9
fd4b48
- Fix crash in rbtdb after two sucessive getoriginnode() calls (#1044026)
fd4b48
fd4b48
* Tue Dec 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-8
fd4b48
- Split chroot package for named and named-sdb
fd4b48
- Extract setting-up/destroying of chroot to a separate systemd service (#1004300)
fd4b48
fd4b48
* Thu Dec 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-7
fd4b48
- Create symlink /var/named/chroot/var/run -> /var/named/chroot/run (#1024384)
fd4b48
- Added session-keyfile statement into default named.conf since we use /run/named (#1024384)
fd4b48
fd4b48
* Thu Nov 28 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-6
fd4b48
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#1034824)
fd4b48
fd4b48
* Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-5
fd4b48
- Install configuration for rwtab and fix chroot setup script (#1028189)
fd4b48
- use --enable-filter-aaaa when building bind to enable filter-aaaa-on-v4 option (#1025245)
fd4b48
bc5dde
* Thu Oct 31 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-4
bc5dde
- Correct the patch for #1020683
bc5dde
bc5dde
* Tue Oct 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-3
bc5dde
- Fix race condition on send buffers in dighost.c (#1020683)
bc5dde
bc5dde
* Tue Oct 08 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-2
bc5dde
- install isc/errno2result.h header (#1015165)
bc5dde
bc5dde
* Mon Sep 23 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-1
bc5dde
- update to 9.9.4 (#1010200)
bc5dde
- drop merged patches
bc5dde
- modify patches to fit on new version
bc5dde
bc5dde
* Tue Sep 10 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-8.P2
bc5dde
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
bc5dde
bc5dde
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-7.P2
bc5dde
- Don't generate rndc.key if there exists rndc.conf
bc5dde
bc5dde
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-6.P2
bc5dde
- don't install named-sdb.service if SDB macro is defined to zero
bc5dde
bc5dde
* Sun Jul 28 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-5.P2
bc5dde
- update to 9.9.3-P2 (fix for CVE-2013-4854)
bc5dde
- update RRL patch to 9.9.3-P2-rl.13207.22
bc5dde
- Fix script for setting up chroot so it unmounts everything successfully
bc5dde
bc5dde
* Wed Jul 10 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-4.P1
bc5dde
- Fix dates in Changelog
bc5dde
bc5dde
* Wed Jun 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-3.P1
bc5dde
- update to 9.9.3-P1 (fix for CVE-2013-3919)
bc5dde
- update RRL patch to 9.9.3-P1-rl.156.01
bc5dde
bc5dde
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-2
bc5dde
- bump release to prevent update path issues
bc5dde
bc5dde
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-1
bc5dde
- update to 9.9.3
bc5dde
- install dns/update.h header
bc5dde
- update RRL patch to the latest version 9.9.3-rl.150.20
bc5dde
bc5dde
* Fri May 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.7.rc2
bc5dde
- Fix segfault in host/nslookup (#878139)
bc5dde
bc5dde
* Mon May 13 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.6.rc2
bc5dde
- update to 9.9.3rc2
bc5dde
- part of bind97-exportlib.patch not needed any more
bc5dde
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
bc5dde
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
bc5dde
- bind99-opts.patch merged
bc5dde
bc5dde
* Fri May 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.5.rc1
bc5dde
- Include recursion Warning in named.conf and named.conf.sample (#740894)
bc5dde
- Include managed-keys-directory statement in named.conf.sample (#948026)
bc5dde
bc5dde
* Thu May 02 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.4.rc1
bc5dde
- Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
bc5dde
bc5dde
* Fri Apr 19 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.3-0.3.rc1
bc5dde
- fix crash in nsupdate when processing "-r" parameter (#949544)
bc5dde
bc5dde
* Tue Apr 16 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.3-0.2.rc1
bc5dde
- ship dns/rrl.h in -devel subpkg
bc5dde
bc5dde
* Tue Apr 16 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.3-0.1.rc1
bc5dde
- update to 9.9.3rc1
bc5dde
- bind-96-libtool2.patch has been merged
bc5dde
- fix bind tmpfiles.d for named.pid /run migration (#920713)
bc5dde
bc5dde
* Wed Mar 27 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-12.P2
bc5dde
- New upstream patch version fixing CVE-2013-2266 (#928032)
bc5dde
bc5dde
* Tue Mar 19 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-11.P1
bc5dde
- move pidfile to /run/named/named.pid
bc5dde
bc5dde
* Wed Mar 06 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-10.P1
bc5dde
- Fix Makefile.in to include header added by rate limiting patch (#918330)
bc5dde
bc5dde
* Tue Mar 05 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-9.P1
bc5dde
- drop some developer-only documentation and move ARM to %%docdir
bc5dde
bc5dde
* Mon Feb 18 2013 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-8.P1
bc5dde
- include rate limiting patch
bc5dde
bc5dde
* Tue Jan 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-7.P1
bc5dde
- Corrected IP addresses in named.ca (#901741)
bc5dde
- mount/umount /var/named in setup-named-chroot.sh as the last one (#904666)
bc5dde
bc5dde
* Thu Dec 20 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-6.P1
bc5dde
- generate /etc/rndc.key during named service startup if doesn't exist
bc5dde
- increase startup timeout in systemd units to 90sec (default)
bc5dde
- fix IDN related statement in dig.1 manpage
bc5dde
bc5dde
* Wed Dec 05 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.2-5.P1
bc5dde
- update to bind-9.9.2-P1
bc5dde
bc5dde
* Mon Nov 12 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-4
bc5dde
- document dig exit codes in manpage
bc5dde
- ignore empty "search" options in resolv.conf
bc5dde
bc5dde
* Mon Nov 12 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-3
bc5dde
- drop PKCS11 support on rhel
bc5dde
bc5dde
* Thu Oct 11 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-2
bc5dde
- install isc/stat.h
bc5dde
bc5dde
* Thu Oct 11 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.2-1
bc5dde
- update to 9.9.2
bc5dde
- bind97-rh714049.patch has been dropped
bc5dde
- patches merged
bc5dde
  - bind98-rh816164.patch
bc5dde
bc5dde
* Thu Sep 13 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.1-10.P3
bc5dde
- update to bind-9.9.1-P3
bc5dde
bc5dde
* Wed Aug 22 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-9.P2
bc5dde
- fixed SPEC file so it comply with new systemd-rpm macros guidelines (#850045)
bc5dde
- changed %%define macros to %%global and fixed several rpmlint warnings
bc5dde
bc5dde
* Wed Aug 08 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-8.P2
bc5dde
- Changed PrivateTmp to "false" in *-chroot.service unit files (#825869)
bc5dde
bc5dde
* Wed Aug 01 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-7.P2
bc5dde
- Fixed bind-devel multilib conflict (#478718)
bc5dde
bc5dde
* Mon Jul 30 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-6.P2
bc5dde
- Fixed bad path to systemctl in /etc/NetworkManager/dispatcher.d/13-named (#844047)
bc5dde
- Fixed path to libdb.so in config.dlz.in
bc5dde
bc5dde
* Thu Jul 26 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.1-5.P2
bc5dde
- update to 9.9.1-P2
bc5dde
bc5dde
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.1-4.P1
bc5dde
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
bc5dde
bc5dde
* Wed Jul 11 2012 Ville Skyttä <ville.skytta@iki.fi> - 32:9.9.1-3.P1
bc5dde
- Avoid shell invocation and dep for -libs-lite %%postun.
bc5dde
bc5dde
* Mon Jun 04 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.1-2.P1
bc5dde
- update to 9.9.1-P1 (CVE-2012-1667)
bc5dde
bc5dde
* Thu May 24 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.1-1
bc5dde
- update to 9.9.1
bc5dde
- bind99-coverity.patch merged
bc5dde
- bind-9.5-overflow.patch merged
bc5dde
bc5dde
* Mon May 07 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-6
bc5dde
- nslookup: return non-zero exit code when fail to get answer (#816164)
bc5dde
bc5dde
* Thu Apr 26 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-5
bc5dde
- initscript: don't umount /var/named when didn't mount it
bc5dde
bc5dde
* Tue Apr 24 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-4
bc5dde
- apply all non-SDB patches before SDB ones (#804475)
bc5dde
- enable Berkeley DB DLZ backend (#804478)
bc5dde
bc5dde
* Thu Apr 12 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-3
bc5dde
- bind97-rh699951.patch is no longer needed (different fix is in 9.9.0)
bc5dde
bc5dde
* Mon Mar 26 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-2
bc5dde
- remove unneeded bind99-v6only.patch
bc5dde
bc5dde
* Mon Mar 05 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-1
bc5dde
- update to 9.9.0
bc5dde
- load dynamic DBs later (and update dyndb patch)
bc5dde
- fix memory leak in named during processing of rndc command
bc5dde
- don't call `rndc-confgen -a` in "post" section
bc5dde
- fix some packaging bugs in bind-chroot
bc5dde
bc5dde
* Wed Feb 15 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.8.rc2
bc5dde
- build with "--enable-fixed-rrset"
bc5dde
bc5dde
* Wed Feb 01 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.7.rc2
bc5dde
- update to 9.9.0rc2
bc5dde
- doc/rfc and doc/draft are no longer shipped in tarball
bc5dde
bc5dde
* Mon Jan 30 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.6.rc1
bc5dde
- retire initscript in favour of systemd unit files (#719419)
bc5dde
bc5dde
* Thu Jan 12 2012 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.5.rc1
bc5dde
- update to 9.9.0rc1
bc5dde
bc5dde
* Wed Dec 07 2011 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.4.b2
bc5dde
- ship dns/forward.h in -devel subpkg
bc5dde
bc5dde
* Tue Nov 22 2011 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.3.b2
bc5dde
- update to 9.9.0b2 (CVE-2011-4313)
bc5dde
- patches merged
bc5dde
  - bind97-rh700097.patch
bc5dde
  - bind99-cinfo.patch
bc5dde
bc5dde
* Mon Nov 14 2011 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.2.b1
bc5dde
- ship dns/clientinfo.h in bind-devel
bc5dde
bc5dde
* Fri Nov 11 2011 Adam Tkac <atkac redhat="" com=""> 32:9.9.0-0.1.b1
bc5dde
- update to 9.9.0b1
bc5dde
- bind98-dlz_buildfix.patch merged
bc5dde
bc5dde
* Fri Oct 28 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-4
bc5dde
- nslookup failed to resolve name in certain cases
bc5dde
bc5dde
* Mon Sep 26 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-3
bc5dde
- remove deps filter, it is no longer needed (#739663)
bc5dde
bc5dde
* Fri Sep 09 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-2
bc5dde
- fix logrotate config file (#725256)
bc5dde
bc5dde
* Wed Sep 07 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-1
bc5dde
- update to 9.8.1
bc5dde
- ship /etc/trusted-key.key (needed by dig)
bc5dde
- use select instead of epoll in export libs (#735103)
bc5dde
bc5dde
* Wed Aug 31 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-0.3.rc1
bc5dde
- fix DLZ related compilation issues
bc5dde
- make /etc/named.{root,iscdlv}.key world-readable
bc5dde
- add bind-libs versioned requires to bind pkg
bc5dde
bc5dde
* Wed Aug 31 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-0.2.rc1
bc5dde
- fix rare race condition in request.c
bc5dde
- print "the working directory is not writable" as debug message
bc5dde
- re-add configtest target to initscript
bc5dde
- initscript: sybsys name is always named, not named-sdb
bc5dde
- nsupdate returned zero when target zone didn't exist (#700097)
bc5dde
- nsupdate could have failed if server has multiple IPs and the first
bc5dde
  was unreachable (#714049)
bc5dde
bc5dde
* Wed Aug 31 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.1-0.1.rc1
bc5dde
- update to 9.8.1rc1
bc5dde
- patches merged
bc5dde
  - bind97-rh674334.patch
bc5dde
  - bind97-cleanup.patch
bc5dde
  - bind98-includes.patch
bc5dde
bc5dde
* Wed Aug 03 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-9.P4
bc5dde
- improve patch for #725741
bc5dde
bc5dde
* Tue Jul 26 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-8.P4
bc5dde
- named could have crashed during reload when dyndb module is used (#725741)
bc5dde
bc5dde
* Tue Jul 05 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-7.P4
bc5dde
- update to 9.8.0-P4
bc5dde
  - bind98-libdns-export.patch merged
bc5dde
bc5dde
* Thu Jun 02 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-6.P2
bc5dde
- update the dyndb patch
bc5dde
bc5dde
* Fri May 27 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-5.P2
bc5dde
- fix compilation of libdns-export.so
bc5dde
bc5dde
* Fri May 27 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-4.P2
bc5dde
- update to 9.8.0-P2 (CVE-2011-1910)
bc5dde
bc5dde
* Fri May 06 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-3.P1
bc5dde
- update to 9.8.0-P1 (CVE-2011-1907)
bc5dde
bc5dde
* Wed Mar 23 2011 Dan Horák <dan@danny.cz> - 32:9.8.0-2
bc5dde
- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient)
bc5dde
bc5dde
* Thu Mar 03 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-1
bc5dde
- update to 9.8.0
bc5dde
- bind97-rh665971.patch merged
bc5dde
bc5dde
* Thu Mar 03 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-0.4.rc1
bc5dde
- revert previous change (integration with libnmserver)
bc5dde
bc5dde
* Tue Feb 22 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-0.3.rc1
bc5dde
- integrate named with libnmserver library
bc5dde
bc5dde
* Tue Feb 22 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-0.2.rc1
bc5dde
- include dns/rpz.h in -devel subpkg
bc5dde
bc5dde
* Mon Feb 21 2011 Adam Tkac <atkac redhat="" com=""> 32:9.8.0-0.1.rc1
bc5dde
- update to 9.8.0rc1
bc5dde
bc5dde
* Fri Feb 18 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-1
bc5dde
- update to 9.7.3
bc5dde
- fix dig +trace on dualstack systems (#674334)
bc5dde
- fix linkage order when building on system with older BIND (#665971)
bc5dde
- reduce number of gcc warnings
bc5dde
bc5dde
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.7.3-0.6.rc1
bc5dde
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
bc5dde
bc5dde
* Tue Jan 25 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-0.5.rc1
bc5dde
- update to 9.7.3rc1
bc5dde
  - bind97-krb5-self.patch merged
bc5dde
bc5dde
* Wed Jan 12 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-0.4.b1
bc5dde
- fix typo in initscript
bc5dde
bc5dde
* Thu Jan 06 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-0.3.b1
bc5dde
- fix "service named status" when used with named-sdb
bc5dde
- don't check MD5, size and mtime of sysconfig/named
bc5dde
bc5dde
* Wed Jan 05 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-0.2.b1
bc5dde
- add new option DISABLE_ZONE_CHECKING to sysconfig/named
bc5dde
bc5dde
* Wed Jan 05 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.3-0.1.b1
bc5dde
- update to 9.7.3b1
bc5dde
bc5dde
* Wed Jan 05 2011 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-10.P3
bc5dde
- initscript should terminate only the correct "named" process (#622785)
bc5dde
bc5dde
* Mon Dec 20 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-9.P3
bc5dde
- fix "krb5-self" update-policy rule processing
bc5dde
bc5dde
* Thu Dec 02 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-8.P3
bc5dde
- update to 9.7.2-P3
bc5dde
bc5dde
* Mon Nov 29 2010 Jan Görig <jgorig redhat="" com=""> 32:9.7.2-7.P2
bc5dde
- added tmpfiles.d support (#656550)
bc5dde
- removed old PID checking in initscript
bc5dde
bc5dde
* Mon Nov 08 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-6.P2
bc5dde
- don't emit various informational messages by default (#645544)
bc5dde
bc5dde
* Wed Oct 20 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-5.P2
bc5dde
- move BIND9 internal libs back to %%{_libdir}
bc5dde
- add "-export" suffix to public libraries (-lite subpkg)
bc5dde
bc5dde
* Thu Oct 07 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-4.P2
bc5dde
- ship -devel subpkg for internal libs, dnsperf needs it
bc5dde
bc5dde
* Thu Oct 07 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-3.P2
bc5dde
- new bind-libs-lite and bind-lite-devel subpkgs which contain
bc5dde
  public version of BIND 9 libraries
bc5dde
- don't ship devel files for internal version of BIND 9 libraries
bc5dde
bc5dde
* Wed Sep 29 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-2.P2
bc5dde
- update to 9.7.2-P2
bc5dde
bc5dde
* Thu Sep 16 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-1
bc5dde
- update to 9.7.2
bc5dde
bc5dde
* Fri Aug 27 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-0.3.rc1
bc5dde
- update to 9.7.2rc1
bc5dde
bc5dde
* Tue Aug 10 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-0.2.b1
bc5dde
- host: handle "debug", "attempts" and "timeout" options in resolv.conf well
bc5dde
bc5dde
* Tue Aug 03 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.2-0.1.b1
bc5dde
- update to 9.7.2b1
bc5dde
- patches merged
bc5dde
  - bind97-rh507429.patch
bc5dde
bc5dde
* Mon Jul 19 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-5.P2
bc5dde
- supply root zone DNSKEY in default configuration
bc5dde
bc5dde
* Mon Jul 19 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-4.P2
bc5dde
- update to 9.7.1-P2 (CVE-2010-0213)
bc5dde
bc5dde
* Mon Jul 12 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-3.P1
bc5dde
- remove outdated Copyright.caching-nameserver file
bc5dde
- remove rfc1912.txt, it is already located in %%doc/rfc directory
bc5dde
- move COPYRIGHT to the bind-libs subpkg
bc5dde
- add COPYRIGHT to the -pkcs11 subpkg
bc5dde
bc5dde
* Fri Jul 09 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-2.P1
bc5dde
- update to 9.7.1-P1
bc5dde
bc5dde
* Mon Jun 28 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-1
bc5dde
- update to 9.7.1
bc5dde
- improve the "dnssec-conf" trigger
bc5dde
bc5dde
* Wed Jun 09 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-0.2.rc1
bc5dde
- update to 9.7.1rc1
bc5dde
- patches merged
bc5dde
  - bind97-keysdir.patch
bc5dde
bc5dde
* Mon May 31 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.1-0.1.b1
bc5dde
- update to 9.7.1b1
bc5dde
- make /var/named/dynamic as a default directory for managed DNSSEC keys
bc5dde
- add patch to get "managed-keys-directory" option working
bc5dde
- patches merged
bc5dde
  - bind97-managed-keyfile.patch
bc5dde
  - bind97-rh554316.patch
bc5dde
bc5dde
* Fri May 21 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-11.P2
bc5dde
- update dnssec-conf Obsoletes/Provides
bc5dde
bc5dde
* Thu May 20 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-10.P2
bc5dde
- update to 9.7.0-P2
bc5dde
bc5dde
* Fri Mar 26 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-9.P1
bc5dde
- added lost patch for #554316 (occasional crash in keytable.c)
bc5dde
bc5dde
* Fri Mar 26 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-8.P1
bc5dde
- active query might be destroyed in resume_dslookup() which triggered REQUIRE
bc5dde
  failure (#507429)
bc5dde
bc5dde
* Mon Mar 22 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-7.P1
bc5dde
- install SDB related manpages only when build with SDB
bc5dde
bc5dde
* Fri Mar 19 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-6.P1
bc5dde
- update to 9.7.0-P1
bc5dde
bc5dde
* Tue Mar 16 2010 Jan Görig <jgorig redhat="" com=""> 32:9.7.0-5
bc5dde
- bind-sdb now requires bind
bc5dde
bc5dde
* Mon Mar 15 2010 Jan Görig <jgorig redhat="" com=""> 32:9.7.0-4
bc5dde
- add man-pages ldap2zone.1 zonetodb.1 zone2sqlite.1 named-sdb.8 (#525655)
bc5dde
bc5dde
* Mon Mar 01 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-3
bc5dde
- fix multilib issue (#478718) [jgorig]
bc5dde
bc5dde
* Mon Mar 01 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-2
bc5dde
- improve automatic DNSSEC reconfiguration trigger
bc5dde
- initscript now returns 2 in case that action doesn't exist (#523435)
bc5dde
- enable/disable chroot when bind-chroot is installed/uninstalled
bc5dde
bc5dde
* Wed Feb 17 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-1
bc5dde
- update to 9.7.0 final
bc5dde
bc5dde
* Mon Feb 15 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.14.rc2
bc5dde
- obsolete dnssec-conf
bc5dde
- automatically update configuration from old dnssec-conf based
bc5dde
- improve default configuration; enable DLV by default
bc5dde
- remove obsolete triggerpostun from bind-libs subpackage
bc5dde
bc5dde
* Thu Jan 28 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.13.rc2
bc5dde
- update to 9.7.0rc2
bc5dde
bc5dde
* Wed Jan 27 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.12.rc1
bc5dde
- initscript LSB related fixes (#523435)
bc5dde
bc5dde
* Wed Jan 27 2010 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.11.rc1
bc5dde
- revert the "DEBUG" feature (#510283), it causes too many problems (#545128)
bc5dde
bc5dde
* Tue Dec 15 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.10.rc1
bc5dde
- update to 9.7.0rc1
bc5dde
- bind97-headers.patch merged
bc5dde
- update default configuration
bc5dde
bc5dde
* Tue Dec 01 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.9.b3
bc5dde
- update to 9.7.0b3
bc5dde
bc5dde
* Thu Nov 26 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.8.b2
bc5dde
- install isc/namespace.h header
bc5dde
bc5dde
* Fri Nov 06 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.7.b2
bc5dde
- update to 9.7.0b2
bc5dde
bc5dde
* Tue Nov 03 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.6.b1
bc5dde
- update to 9.7.0b1
bc5dde
- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC
bc5dde
  keys
bc5dde
bc5dde
* Thu Oct 08 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.5.a3
bc5dde
- don't package named-bootconf utility, it is very outdated and unneeded
bc5dde
bc5dde
* Mon Sep 21 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.4.a3
bc5dde
- determine file size via `stat` instead of `ls` (#523682)
bc5dde
bc5dde
* Wed Sep 16 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.3.a3
bc5dde
- update to 9.7.0a3
bc5dde
bc5dde
* Tue Sep 15 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.2.a2
bc5dde
- improve chroot related documentation (#507795)
bc5dde
- add NetworkManager dispatcher script to reload named when network interface is
bc5dde
  activated/deactivated (#490275)
bc5dde
- don't set/unset named_write_master_zones SELinux boolean every time in
bc5dde
  initscript, modify it only when it's actually needed
bc5dde
bc5dde
* Tue Sep 15 2009 Adam Tkac <atkac redhat="" com=""> 32:9.7.0-0.1.a2
bc5dde
- update to 9.7.0a2
bc5dde
- merged patches
bc5dde
  - bind-96-db_unregister.patch
bc5dde
  - bind96-rh507469.patch
bc5dde
bc5dde
* Tue Sep 01 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-9.P1
bc5dde
- next attempt to fix the postun trigger (#520385)
bc5dde
- remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch
bc5dde
bc5dde
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 32:9.6.1-8.P1
bc5dde
- rebuilt with new openssl
bc5dde
bc5dde
* Tue Aug 04 2009 Martin Nagy <mnagy redhat="" com=""> 32:9.6.1-7.P1
bc5dde
- update the patch for dynamic loading of database backends
bc5dde
bc5dde
* Wed Jul 29 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-6.P1
bc5dde
- 9.6.1-P1 release (CVE-2009-0696)
bc5dde
- fix postun trigger (#513016, hopefully)
bc5dde
bc5dde
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.6.1-5
bc5dde
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
bc5dde
bc5dde
* Mon Jul 20 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-4
bc5dde
- remove useless bind-9.3.3rc2-rndckey.patch
bc5dde
bc5dde
* Mon Jul 13 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-3
bc5dde
- fix broken symlinks in bind-libs (#509635)
bc5dde
- fix typos in /etc/sysconfig/named (#509650)
bc5dde
- add DEBUG option to /etc/sysconfig/named (#510283)
bc5dde
bc5dde
* Wed Jun 24 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-2
bc5dde
- improved "chroot automount" patches (#504596)
bc5dde
- host should fail if specified server doesn't respond (#507469)
bc5dde
bc5dde
* Wed Jun 17 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-1
bc5dde
- 9.6.1 release
bc5dde
- simplify chroot maintenance. Important files and directories are mounted into
bc5dde
  chroot (see /etc/sysconfig/named for more info, #504596)
bc5dde
- fix doc/named.conf.default perms
bc5dde
bc5dde
* Wed May 27 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-0.4.rc1
bc5dde
- 9.6.1rc1 release
bc5dde
bc5dde
* Wed Apr 29 2009 Martin Nagy <mnagy redhat="" com=""> 32:9.6.1-0.3.b1
bc5dde
- update the patch for dynamic loading of database backends
bc5dde
- create %%{_libdir}/bind directory
bc5dde
- copy default named.conf to doc directory, shared with s-c-bind (atkac)
bc5dde
bc5dde
* Fri Apr 24 2009 Martin Nagy <mnagy redhat="" com=""> 32:9.6.1-0.2.b1
bc5dde
- update the patch for dynamic loading of database backends
bc5dde
- fix dns_db_unregister()
bc5dde
- useradd now takes "-N" instead of "-n" (atkac, #495726)
bc5dde
- print nicer error msg when zone file is actually a directory (atkac, #490837)
bc5dde
bc5dde
* Mon Mar 30 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.1-0.1.b1
bc5dde
- 9.6.1b1 release
bc5dde
- patches merged
bc5dde
  - bind-96-isc_header.patch
bc5dde
  - bind-95-rh469440.patch
bc5dde
  - bind-96-realloc.patch
bc5dde
  - bind9-fedora-0001.diff
bc5dde
- use -version-number instead of -version-info libtool param
bc5dde
bc5dde
* Mon Mar 23 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-11.1.P1
bc5dde
- logrotate configuration file now points to /var/named/data/named.run by
bc5dde
  default (#489986)
bc5dde
bc5dde
* Tue Mar 17 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-11.P1
bc5dde
- fall back to insecure mode when no supported DNSSEC algorithm is found
bc5dde
  instead of SERVFAIL
bc5dde
- don't fall back to non-EDNS0 queries when DO bit is set
bc5dde
bc5dde
* Tue Mar 10 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-10.P1
bc5dde
- enable DNSSEC only if it is enabled in sysconfig/dnssec
bc5dde
bc5dde
* Mon Mar 09 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-9.P1
bc5dde
- add DNSSEC support to initscript, enabled it per default
bc5dde
- add requires dnssec-conf
bc5dde
bc5dde
* Mon Mar 09 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-8.P1
bc5dde
- fire away libbind, it is now separate package
bc5dde
bc5dde
* Wed Mar 04 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-7.P1
bc5dde
- fixed some read buffer overflows (upstream)
bc5dde
bc5dde
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 32:9.6.0-6.P1
bc5dde
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
bc5dde
bc5dde
* Thu Feb 12 2009 Martin Nagy <mnagy redhat="" com=""> 32:9.6.0-5.P1
bc5dde
- update the patch for dynamic loading of database backends
bc5dde
- include iterated_hash.h
bc5dde
bc5dde
* Sat Jan 24 2009 Caolán McNamara <caolanm@redhat.com> 32:9.6.0-4.P1
bc5dde
- rebuild for dependencies
bc5dde
bc5dde
* Wed Jan 21 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-3.P1
bc5dde
- rebuild against new openssl
bc5dde
bc5dde
* Thu Jan 08 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-2.P1
bc5dde
- 9.6.0-P1 release (CVE-2009-0025)
bc5dde
bc5dde
* Mon Jan 05 2009 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-1
bc5dde
- Happy new year
bc5dde
- 9.6.0 release
bc5dde
bc5dde
* Thu Dec 18 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.7.rc2
bc5dde
- 9.6.0rc2 release
bc5dde
- bind-96-rh475120.patch merged
bc5dde
bc5dde
* Tue Dec 16 2008 Martin Nagy <mnagy redhat="" com=""> 32:9.6.0-0.6.rc1
bc5dde
- add patch for dynamic loading of database backends
bc5dde
bc5dde
* Tue Dec 09 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.5.1.rc1
bc5dde
- allow to reuse address for non-random query-source ports (#475120)
bc5dde
bc5dde
* Wed Dec 03 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.5.rc1
bc5dde
- 9.6.0rc1 release
bc5dde
- patches merged
bc5dde
  - bind-9.2.0rc3-varrun.patch
bc5dde
  - bind-95-sdlz-include.patch
bc5dde
  - bind-96-libxml2.patch
bc5dde
- fixed rare use-after-free problem in host utility (#452060)
bc5dde
- enabled chase of DNSSEC signature chains in dig
bc5dde
bc5dde
* Mon Dec 01 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.4.1.b1
bc5dde
- improved sample config file (#473586)
bc5dde
bc5dde
* Wed Nov 26 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.4.b1
bc5dde
- reverted previous change, koji doesn't like it
bc5dde
bc5dde
* Wed Nov 26 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.3.b1
bc5dde
- build bind-chroot as noarch
bc5dde
bc5dde
* Mon Nov 24 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.2.1.b1
bc5dde
- updates due libtool 2.2.6
bc5dde
- don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources
bc5dde
bc5dde
* Tue Nov 11 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.2.b1
bc5dde
- make statistics http server working, patch backported from 9.6 HEAD
bc5dde
bc5dde
* Mon Nov 10 2008 Adam Tkac <atkac redhat="" com=""> 32:9.6.0-0.1.b1
bc5dde
- 9.6.0b1 release
bc5dde
- don't build ODBC and Berkeley DB DLZ drivers
bc5dde
- end of bind-chroot-admin script, copy config files to chroot manually
bc5dde
- /proc doesn't have to be mounted to chroot
bc5dde
- temporary use libbind from 9.5 series, noone has been released for 9.6 yet
bc5dde
bc5dde
* Mon Nov 03 2008 Adam Tkac <atkac redhat="" com="